OIPC Logo
  • Contact Us
  • Site Map
  • Privacy Policy

Guides

The OIPC is undertaking a review of its resources. If there is a resource from the previous website that is no longer available, please contact the office.

  • 8 Tips for Managing Emails

    This one-page tip sheet is based on the OIPC's Guidelines for Managing Emails. This guidance was issued to assist public bodies, health custodians and private sector organizations and their staff in understanding that emails are records and should be managed in accordance with records management principles and the requirements of Alberta’s access to information and privacy legislation. Published in March 2019.

  • Access Impact Assessment Guidelines for Proactive Disclosure

    This document provides guidance on how to prepare an Access Impact Assessment for proactive disclosure of information. Published in September 2016.

  • Alberta Netcare: Know Your Rights Guide

    This guide outlines the rights afforded to Albertans under the Health Information Act with regard to Alberta Netcare, the province's electronic health record system. Published in May 2013.

  • Guidance for Electronic Health Record Systems (PDF)

    This guide was developed to assess the safeguards in electronic health record (EHR) systems. Custodians and their EHR service providers may use this document to support a Privacy Impact Assessment on an EHR system, or to examine whether changes to a system comply with Health Information Act requirements. Published in June 2016.

  • Guidance for Electronic Health Record Systems (Word)

    This guide was developed to assess the safeguards in electronic health record (EHR) systems. Custodians and their EHR service providers may use this document to support a Privacy Impact Assessment on an EHR system, or to examine whether changes to a system comply with Health Information Act requirements. This is an editable version of the guide. Published in June 2016.

  • Guide for Businesses and Organizations on the Personal Information Protection Act

    This guide was developed to help businesses and organizations understand roles and responsibilities under PIPA during the collection, use, disclosure and safeguarding of personal information of clients and employees. Published in November 2008.

  • Guidelines for Licensed Premises: Collecting, Using and Disclosing Personal Information of Patrons

    These guidelines were prepared to help licensees comply with PIPA and the Gaming and Liquor Act. The guidelines are an administrative tool intended to assist in understanding the legislation. Published in 2009.

  • Guidelines for Managing Emails

    The OIPC issued this high-level guidance document to assist public bodies, health custodians and private sector organizations and their staff in understanding that emails are records and should be managed in accordance with records management principles and the requirements of Alberta’s access to information and privacy legislation. Although the guidance provided in this document is directed at managing emails, the general principles may assist in managing records in other formats. Published in March 2019.

  • Guidelines for Social Media Background Checks

    When organizations search for information about an individual, the collection, use and disclosure of that personal information is subject to the privacy provisions of PIPA. This guide urges organizations to understand the legal implications of conducting a background check using social media. Published in December 2011.

  • Health Information A Personal Matter: A Practical Guide to the Health Information Act

    This guide is intended to give custodians a basic understanding of HIA, including the areas custodians are most likely to encounter in the course of their practice or employment. It points out the major duties and powers created by the Act and the rules governing how those duties are to be fulfilled and how those powers are to be exercised. Published in August 2010.

  • Health Information Act: Use and Disclosure of Health Information for Research

    This guide explains the rules set out in HIA regarding the use and disclosure of health information for research purposes.

  • Key Steps in Responding to Privacy Breaches

    This document outlines the four key steps in responding to privacy breaches for use by organizations, custodians or public bodies. The purpose is to provide guidance on how to manage a privacy breach. Updated in August 2018.

  • Privacy Impact Assessment Guidelines for Insurers Looking to Implement Usage-Based Insurance Programs in Alberta

    This document was prepared by the OIPC to provide privacy impact assessment (PIA) drafting guidance to insurers who may decide to prepare and submit a PIA to the OIPC ahead of offering usage-based insurance (UBI) in the province of Alberta. Published in January 2016.

  • Privacy Impact Assessment Requirements

    This guide is meant to assist public bodies, health custodians and organizations in drafting PIAs for projects that hat have privacy risks. Please note that all mention of legislation in this guide refers to the Health Information Act as there is a legislated duty to prepare privacy impact assessments (section 64 of HIA). Published in 2010.